Athena Forensics - Computer Forensics NewsClick here to return to our News index
Police utilise Armed Forces software to tackle cybercrime
Developed to process data on abuse by British soldiers in Iraq, Ares is being used to tackle child abuse and cybercrime
Forensic investigation of big data documenting child abuse, hate crimes and computer hacking cases is being powered by military software first developed to cope with alleged human rights abuses in Iraq.
Faced with vast quantities of filmed interviews, mobile phone traffic and digital evidence recording the detention of Iraqi prisoners, the Royal Military Police invested in larger and more sophisticated data systems to be used by IHAT, the Iraq Historic Allegations Team.
IHAT's inquiries gathered 75 terabytes of data while investigating five years of alleged abuse by British soldiers between 2003 and 2008.
Processing large volumes of data is now a regular challenge for investigators where mobile phones, laptops, memory sticks and even XBox games consoles increasingly feature.
The old system involved a lone forensic analyst at a computer terminal slowly downloading material. By investing in more advanced software and equipment, the RMP accelerated the processing of digital records and made it easier for investigators to work as a team.
Major Keith Miller, commander of the RMP's Service Police Crime Bureau, said that IHAT's software is now being used by several civilian forces including SO15, the Metropolitan police's counter-terrorism unit.
Without such advances, Miller told the Guardian, the explosion in digital evidence threatened to snarl up the processing of court cases.
The Portsmouth-Based RMP unit invested £1m in a system called Ares, named after the Greek god of war, AccessData software and Dell blade servers. A mobile version costing £600,000 is nicknamed Mars, after the Roman god of war, and can be flown to Afghanistan or wherever military police need to investigate.
"The new system has cut the costs of each investigation significantly," said Miller. "It speeds up the whole process. On a child abuse case, if you bring people in who work together then you can reduce the psychological damage [otherwise inflicted on solitary investigators].
"The amount of data associated with each investigation rises by around 120% year on year. It's often about identifying images, for example, people taking 'happy snaps' of assaults or finding stored hate texts."
The RMP, who last year handed the IHAT investigation over to the Royal Navy police so that the army was not seen to be investigating itself, has used Ares to help the Metropolitan police with Operation Elveden, its investigation into alleged payments by journalists to public officials for information.
The unit also pursues those who hack into high security areas of military installations. "It has tended to be in reaction to an event," said Miller. "We have found people who have entered illegally."
Child pornography and abuse cases, which occur in military life much as elsewhere, increasingly involve digital evidence. "Sequences are often hidden inside other films," Miller said. "The Ares system has a large library of clips so it can compare pornographic material.
"The surveillance can be automated. It recognises clips. There's only a very small percentage of material that's new. Most of it has been used before and is known. You can quickly identify known material.
"In the past you had to sit down and watch a whole movie to check it hadn't been spliced with something else. Now you can bring up the pictures quickly, display it frame by frame and see if its pornographic."
Miller is amazed at how many people believe deleted material cannot be recovered. "We have brought back a lot of stuff and seen people changing not guilty pleas," he said.
In an era of austerity, it is understandable that police forces baulk at the £1.6m Ares now costs. What is more puzzling to Miller is the attachment to physical paperwork displayed by defence lawyers. "We come up against some people who insist on taking paper evidence. I dump it all on them but the data sets now are so large they rarely ask for it in that format again."
Source: The Guardian